GHSA-RCVQ-M9J9-6F4G @hapi/inert has a static-file confinement bypass via sibling-prefix path

Impact @hapi/inert serves static files from a directory configured with path in the directory / file handlers or relativeTo for h.file, with confinement enforced by the confine option default true. Before the patch, the confinement check compared the resolved absolute path against the confine...

Directory Traversal

Overview @hapi/inert is a Static file and directory handlers plugin for hapi.js Affected versions of this package are vulnerable to Directory Traversal via the confine option. An unauthenticated remote attacker can access files outside the intended directory by crafting requests that exploit...

@hapi/inert has a static-file confinement bypass via sibling-prefix path

Impact @hapi/inert serves static files from a directory configured with path in the directory / file handlers or relativeTo for h.file, with confinement enforced by the confine option default true. Before the patch, the confinement check compared the resolved absolute path against the confine...

PT-2026-48806

Impact @hapi/inert serves static files from a directory configured with path in the directory / file handlers or relativeTo for h.file, with confinement enforced by the confine option default true. Before the patch, the confinement check compared the resolved absolute path against the confine...

EUVD-2020-0621

Malware in sbrugna...

Malicious code in test-mlw2-nodes-inert (npm)

The package test-mlw2-nodes-inert was found to contain malicious code...

MAL-2025-35875 Malicious code in test-mlw2-nodes-inert (npm)

The package test-mlw2-nodes-inert was found to contain malicious code...

Hidden Directories Always Served in inert

Versions 1.1.1 and earlier of inert are vulnerable to an information leakage vulnerability which causes files in hidden directories to be served, even when showHidden is false. The inert directory handler always allows files in hidden directories to be served, even when showHidden is false...

inert node module inert directory handler information disclosure vulnerability

The inert node module is a static file and directory handler for hapi.js. inert directory handler is one of the directory insertion handlers. An information disclosure vulnerability exists in the inert directory handler in versions of the inert node module prior to 1.1.1. An attacker can exploit...

CVE-2014-10068

The inert directory handler in inert node module before 1.1.1 always allows files in hidden directories to be served, even when showHidden is false...

Design/Logic Flaw

The inert directory handler in inert node module before 1.1.1 always allows files in hidden directories to be served, even when showHidden is false...

CVE-2014-10068

The inert directory handler in inert node module before 1.1.1 always allows files in hidden directories to be served, even when showHidden is false...

CVE-2014-10068

The CVE-2014-10068 issue affects the inert Node.js module (inert) prior to 1.1.1, where the inert directory handler can serve files from hidden directories even when showHidden is false. Affected versions are 1.1.0 and earlier. The root cause is an information-disclosure vulnerability in the dire...

Hidden Directories Always Served

Overview Versions 1.1.1 and earlier of inert are vulnerable to an information leakage vulnerability which causes files in hidden directories to be served, even when showHidden is false. The inert directory handler always allows files in hidden directories to be served, even when showHidden is...